From Risks 14.86 Aug 24 1993

This is a Spook Central meeting, so the topics given are interesting `signal intelligence' on what's on the NSA^D^D^DNIST's mind at the moment. Also, it suggests what companies have active consulting & production arrangements with NSA (MITRE, Motorola, etc.). What's on their mind: hierarchical security systems (antithetical to the subversive PGP `web of trust'), distributed/network security, CLIPPER, `publishing work', (read: restrictions on cryptographic topics in journals?), `security requirements for cryptographic modules' (read: restrictions on cryptographic device export?) `International harmonization' by a Frenchman (hehe, sounds a lot like `Ministry of Truth'), a probable codeword for International Cryptographic Restriction. Acronyms: TPEP, TTAP -- sound big, what are they? Some kind of U.S. government `evaluation paradigms'. Again, probably for crypto-device export. Interesting presentations by spook outsiders & wannabes: virus attacks, `Security & Auditability of Electronic Voting Systems', `Privacy Impact of technology in 90's', `Electronic Crime Prevention & Investigation' Hopefully, some patriotic cypherpunk can sneak in and smuggle out a report! ------------------------------ Date: Thu, 19 Aug 93 12:32 EDT From: Reiner@DOCKMASTER.NCSC.MIL Subject: NCSC 16 Announcement for RISKS 16TH NATIONAL COMPUTER SECURITY CONFERENCE Dates: 20-23 September 1993 Location: Baltimore Convention Center Baltimore, Maryland Registration fee: $275 The National Computer Security Center and the National Institute of Standards and Technology will present the 16th National Computer Security Conference from 20-23 September at the Baltimore Convention Center. This year's three and one-half day program features tracks in : Research & Development; System Implementation; Management & Administration; Criteria & Evaluation; Tutorials & Other Presentations. aA summary of the technical program follows. To obtain more information about the technical program send a message to NCS_Conference at DOCKMASTER.NCSC.MIL or call the NCSC on 410-859-4371. To obtain a registration form, call the Conference Registrar at 301-975-2775 or send a message to NCS_Conference at DOCKMASTER.NCSC.MIL TECHNICAL PROGRAM SUMMARY: R&D TRACK PANELS - Strategies for Integrating Evaluated Products Chair: J. Williams, MITRE - Multilevel Information System Security Initiative Chair: G. Secrest, NSA - Trusted Applications Chair: J. Cugini, NIST - Best of the New Security Paradigms Workshop II Chair: H. Hosmer, Data Security Inc. - Enterprise Security Solutions Chair: P. Lambert, Motorola PAPER SESSIONS - Honesty Mechanisms Chair: E. Boebert, SCTC - Database Research Chair: M. Schaefer, CTA - Access Control Chair: P. Neumann, SRI SYSTEM IMPLEMENTATION TRACK Panels: - Perspectives on MLS System Solution Acquisition Chair: J. Sachs, ARCA - Network Management -- The Harder Problem Chair: R. Henning, Harris Corp. - Application of INFOSEC Products on WANs Chair: J. Capell, Lockheed - Security for the Securities Industry Chair: S. Meglathery, NYSE Paper Sessions: - Access Control Topics Chair: D. Balenson, TIS - Network Risks & Responses Chair: B. Burnham, NSA - Software Engineering Chair: V. Gibson, Grumman - System Engineering with OTS Products Chair: M. Tinto, NSA - Network Implementation Chair: F. Mayer, Aerospace Corp MANAGEMENT & ADMINISTRATION TRACK PANELS - Virus Attacks & Counterattacks: Real World Experiences Chair: J. Litchko, TIS - Terror at the World Trade Center Chair: S. Meglathery, NYSE - Contingency Planning in the 90s Chair: I. Gilbert-Perry, NIST - On a Better Understanding of Risk Management Techniques Chair: S. Katzke, NIST - Security Awareness, Training & Professionalization Chair: D. Gilbert, NIST - Accreditor's Perspective - How Much is Enough? Chair: J. Litchko, TIS - Security & Auditability of Electronic Voting Systems Chair: R. Mercuri, U. of Penn. - Protection of Intellectual Property Chair: G. Lang, Harrison Ave. Corp. - The Privacy Impact pof technology in the 90s Chair: W. Madsen, CSC - Electronic Crime Prevention & Investigation Chair: R. Lau, NSA PAPER SESSION - Managing & Promoting INFOSEC Programs Chair: D. Parker, SRI TUTORIALS & PRESENTATIONS TRACK Tutorials: - Threats & Security Overview A. Liddle, IRMC - Trusted Systems Concepts C. Abzug, IRMC - Trusted Networks R. Bauer, E. Schultz, ARCA - Trusted Databases G. Smith, W. Wilson, ARCA - Trusted Integration & System Certification J. Sachs, ARCA Panel Presentations: - CLIPPER Chip Chair: L. McNulty, NIST - Getting Your Work Published Chair: J. Holleran, NSA - INFOSEC Standards: The DISA Process Chair: W. Smith, DISA - Security Requirements for Cryptographic Modules; Chair: L. Carnahan, NIST CRITERIA & EVALUATION TRACK Presentations: - Introduction to the Federal Criteria G. Troy, NIST; D. Campbell, NSA - Federal Criteria: Protection Profile Development J. Cugini, NIST; M. DelVilbiss, NSA - Federal Criteria: Registration of Protection Profiles D. Ferraiool, NIST; L. Ambuel, NSA Panels - Federal Criteria: Protection Profiles for the 90s Chair: R. Dobry, NSA - Federal Criteria: Vetting & Registration of Protection Profiles Chair: L Ambuel, NSA - Evaluation Paradigms: Update on TPEP and TTAP Chair: S Nardone, NSA - European National Evaluation Schemes Chair: E. Flahavin, NIST - The European Evaluation Process Chair: P. Toth, NIST - International Harmonization I Chair: Y. Klein, SCSSI, France - Goals & Progress Toward the Common Criteria Chair: G. Troy, NIST - Federal Criteria User Forum Chair: C. Wichers NSA Plenary: "Information System Security Strategies for the Future" Chair: Stephen Walker Panel: James P. Anderson Dr. Willis Ware Dr. Roger Schell ------------------------------ End of RISKS-FORUM Digest 14.86 ************************